I can't seem to make a ticket on the trac. Here's the contents of what I want to say:
With the way bbPress is currently set up, an Administrator could, just by editing the profile of a Key Master, remove the Key Master privileges. I suggest editing Key Master profiles cannot be done by anyone but Key Masters, or the administration portion of the profile should not be shown to anyone lower than Key Master if they are editing the profile of a Key Master.
bbPress support forums » Requests and Feedback
Can someone make a ticket for me?
(8 posts)-
Posted 11 months ago #
-
You must login, then click on New Ticket.
WordPress Support/Extend/Trac and bbPress Forums/Extend/Trac all can be logged in with the same username and password.
Posted 11 months ago # -
TICKET_CREATE privileges are required to perform this operationPosted 11 months ago # -
I created the ticket for you:
http://trac.bbpress.org/ticket/767Posted 11 months ago # -
I think changing
if ( !bb_current_user_can( 'edit_user', $user_id ) ) { $sendto = bb_get_option('uri'); wp_redirect( $sendto ); }in
profile-edit.phpto
if ( !bb_current_user_can( 'edit_user', $user_id ) || (!bb_current_user_can('use_keys') && $user->has_cap('use_keys')) ) { $sendto = bb_get_option('uri'); wp_redirect( $sendto ); }would fix the problem.
Posted 11 months ago # -
Should be fixed I thought. http://trac.bbpress.org/changeset/903
Posted 11 months ago # -
fel64 wrote:
Should be fixed I thought. http://trac.bbpress.org/changeset/903That only prevents keymasters from demoting themselves. What I want them to prevent is administrators demoting keymasters.
Posted 11 months ago # -
Sorry, obviously didn't pay good enough attention.
Posted 11 months ago #
Reply
You must log in to post.